Simple Mail Transfer Protocol (SMTP) is a standard protocol used for sending emails across the internet. It allows mail servers to communicate with each other and transmit messages reliably. However, some network administrators choose to block certain SMTP traffic for security or policy reasons. This article will examine whether SMTP can be blocked, reasons it might be blocked, and methods for blocking SMTP traffic.
What is SMTP?
SMTP is an application layer protocol that facilitates message transfers between mail servers. Here’s a quick overview of how it works:
- SMTP uses port 25 by default to establish connections between mail servers.
- When a user sends an email, their mail client contacts their organization’s mail server and uses SMTP to send the message content.
- The sending server establishes a connection with the receiving server over SMTP and transmits the email message.
- Once transmission is successful, the receiving server sends a delivery confirmation message back to the sender.
Some key benefits of SMTP include:
- Interoperability – SMTP is supported by all major email providers and clients. This universal compatibility enables communication between different platforms and applications.
- Reliability – SMTP has built-in mechanisms such as message queueing that ensure emails are delivered even if there are temporary failures.
- Simplicity – SMTP is a relatively simple, text-based protocol that is easy to implement and understand.
Why would SMTP be blocked?
There are a few scenarios where a network administrator might want to block SMTP traffic:
1. Prevent spam
One of the most common reasons is to prevent spam or unsolicited bulk emails. Spammers often try to abuse SMTP servers to send mass messages. Blocking outbound SMTP connections can stop this abusive behavior and keep the network from being blacklisted.
2. Limit distractions
Organizations may want to limit personal email usage by employees during work hours. Blocking SMTP prevents them from sending personal emails, improving productivity.
3. Enforce policies
Companies frequently have acceptable use policies for email and network resources. Blocking SMTP allows them to control email flows and enforce compliance.
4. Improve security
Blocking SMTP connections provides protection against malware, phishing attacks, and email-based threats. It forces email traffic to pass through secure gateways where it can be filtered.
5. Save bandwidth
Bulk SMTP transfers can consume network bandwidth unnecessarily. Rate limiting or blocking SMTP allows administrators to reduce bandwidth usage.
How to block SMTP traffic
There are several techniques administrators can use to block or limit SMTP, at both the network and host level:
- Firewall rules – Configure firewall policies to deny outbound SMTP connections on port 25. This will stop all SMTP traffic that isn’t proxied through an authorized server.
- Proxy server – Rather than blocking SMTP outright, force all email connections through a proxy server that can filter and monitor transactions.
- Disable SMTP service – If an SMTP server isn’t needed, disable the feature entirely on mail servers to prevent any SMTP flow.
- Disable SMTP client – Uninstall or disable SMTP client software on end-user machines to prevent them from initiating outbound SMTP sessions.
- Block TCP port 25 – Use host-based firewalls to block TCP port 25 traffic on client machines to prohibit them from accessing SMTP directly.
- Remove SMTP permissions – Adjust user permissions so that they don’t have Send As rights required to send email through your organization’s mail servers.
- Email filtering – Use gateway email filters to block emails from specific users based on sender, content, attachments, or other policies.
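Once a firewall rule denies outbound port 25, its drop log shows which internal hosts still try to send mail directly. The following Python script is an added example, not part of the original article: it triages constructed, abbreviated log lines in the Linux netfilter LOG format, and the log prefix, addresses and fan-out threshold are assumptions.

```python
import re
from collections import defaultdict

LOG_PREFIX = "smtp-egress-drop: "  # assumed prefix configured on the deny rule
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines (documentation-range addresses, fields abbreviated).
SAMPLE_LOG = """\
Mar  3 09:14:01 fw kernel: smtp-egress-drop: IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=198.51.100.10 PROTO=TCP SPT=40112 DPT=25
Mar  3 09:14:01 fw kernel: smtp-egress-drop: IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=198.51.100.77 PROTO=TCP SPT=40113 DPT=25
Mar  3 09:14:02 fw kernel: smtp-egress-drop: IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=203.0.113.5 PROTO=TCP SPT=40114 DPT=25
Mar  3 09:14:02 fw kernel: smtp-egress-drop: IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=203.0.113.90 PROTO=TCP SPT=40115 DPT=25
Mar  3 09:20:10 fw kernel: smtp-egress-drop: IN=eth1 OUT=eth0 SRC=10.0.9.30 DST=192.0.2.50 PROTO=TCP SPT=51000 DPT=25
Mar  3 09:25:10 fw kernel: smtp-egress-drop: IN=eth1 OUT=eth0 SRC=10.0.9.30 DST=192.0.2.50 PROTO=TCP SPT=51002 DPT=25
Mar  3 09:30:44 fw kernel: other-rule: IN=eth1 OUT=eth0 SRC=10.0.2.8 DST=192.0.2.80 PROTO=TCP SPT=44100 DPT=443
"""

def parse_drops(log_text):
    """Yield (src, dst) for each logged TCP/25 drop carrying our prefix."""
    for line in log_text.splitlines():
        if LOG_PREFIX not in line:
            continue
        f = dict(FIELD_RE.findall(line))
        if f.get("PROTO") == "TCP" and f.get("DPT") == "25" and "SRC" in f and "DST" in f:
            yield f["SRC"], f["DST"]

def triage(log_text, fanout_threshold=3):
    """Classify blocked sources by how many distinct servers they tried to reach."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for src, dst in parse_drops(log_text):
        attempts[src] += 1
        dests[src].add(dst)
    report = {}
    for src in attempts:
        # Many distinct destinations looks like bulk sending; one fixed
        # destination looks like an application with a hard-coded mail server.
        verdict = "investigate" if len(dests[src]) >= fanout_threshold else "review-exception"
        report[src] = {"attempts": attempts[src], "destinations": len(dests[src]), "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, row in sorted(triage(SAMPLE_LOG).items()):
        print(src, row)
```

A host marked investigate is a candidate for malware checks, while one marked review-exception is usually an internal system that should be pointed at the authorized mail server or given a firewall exception.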
Working around SMTP blocking
If you are on a network where SMTP is blocked, there are a couple of ways you can still send email:
- Webmail – Web-based email services are accessible even if SMTP is blocked. As long as HTTP/HTTPS traffic is allowed, webmail will work.
- VPN tunnel – Configuring a Virtual Private Network (VPN) tunnel out of the restricted network allows you to bypass SMTP blocking policies.
- Alternate ports – Some email clients let you manually configure an alternate SMTP port such as port 465 or 587. This can succeed if only the standard port 25 is blocked.
- SMTP relay – Connecting to an external SMTP relay server on a non-blocked network provides a path for sending email through a proxy.
- Shared hosting – If allowed, using SMTP services offered by shared or commercial hosting providers is an option.
- Contact IT – In an organizational setting, contact the IT department to request temporary SMTP access if needed for valid business purposes.
Potential downsides of blocking SMTP
While blocking SMTP can provide benefits in some environments, there are also some potential downsides to consider:
- Can cause disruption to legitimate email delivery if overly broad rules are applied
- Forces users to resort to less secure channels like web-based email
- Prevents internal messaging between employees, like emailing coworkers
- Stops automated emails from internal systems that rely on SMTP for alerts or reports
- Makes it difficult for external parties to contact company employees via email
- Can be circumvented by technically savvy users through VPNs or other workarounds
- Results in extra support tickets and complaints from users who can’t access email
Therefore, SMTP blocking is most effective when applied selectively in a targeted manner based on carefully constructed policies.
- SMTP is a standard protocol used for sending emails between mail servers.
- Network admins may block outbound SMTP to prevent spam, enforce policies, improve security, and more.
- SMTP can be blocked at the network level using firewalls and proxies or at the host level by disabling clients and restricting access.
- If SMTP is completely blocked, alternatives like webmail, VPN tunnels, alternate ports, or SMTP relays can sometimes be used to still send email.
- Blocking SMTP can cause issues with legitimate email, so exceptions and bypass methods should be considered to limit disruption.
SMTP is vulnerable to abuse, which is why blocking it is an option for security-conscious organizations. However, SMTP continues to serve an important role in delivering email, so the impacts of blocking it should not be taken lightly.
Admins seeking to block SMTP should carefully weigh the pros, cons and technical methods to find the right balance for their specific environment and users. With well-crafted policies and exceptions, SMTP can often be selectively blocked to prevent abuse while still enabling day-to-day business email as needed.
Q: What is the difference between blocking SMTP and blocking email?
A: Blocking SMTP specifically prevents the Simple Mail Transfer Protocol traffic used for transmitting emails. But it doesn’t always completely block access to email itself. Users may still be able to log into webmail or other email services as long as HTTP/HTTPS traffic is allowed.
Q: Can SMTP blocking be circumvented?
A: Yes, technical users may be able to circumvent SMTP blocking through methods like VPN tunnels, alternate ports, or SMTP relays. Admins should be aware of these limitations when implementing blocking policies.
Q: Will blocking SMTP prevent malware and phishing attacks?
A: SMTP blocking can reduce email-based threats but not eliminate them entirely. Users could still access webmail or get infected via HTTP links. Blocking SMTP should be one part of a defense-in-depth strategy.
Q: Is it better to block SMTP or use email filters?
A: Email filters allow more granular control based on specific senders, content policies, etc. But they can also be complex to manage. SMTP blocking provides blanket protection but can disrupt legitimate mail. Combining both methods is ideal.
Q: How can I send automated email alerts if SMTP is blocked?
A: Self-hosted solutions may not work with SMTP blocked. Consider using external email services designed for sending notifications, alerts and newsletters.
Q: Can I block personal emails but allow work emails?
A: This can be achieved through methods like allowing emails only from company domains, blocking specific domains like Gmail, or applying message filters that look for spammy keywords.
Q: What are some alternatives if I need to send emails with SMTP blocked?
A: Options include using web-based email, securing a VPN or SSH tunnel to bypass the blocking policy, using a different SMTP port if it is left unblocked, or routing mail through an external SMTP relay server.
Q: Is it possible to block incoming SMTP but allow outgoing?
A: Yes, this can be implemented by blocking inbound SMTP traffic to port 25 while permitting outbound connections. It would help prevent your network from receiving spam while still allowing users to send emails.
Q: Can I block SMTP for specific users only?
A: You can block at the user level by disabling SMTP functionality in email clients, restricting Send As permissions, or configuring incoming/outgoing email filters to block mail by sender.
Q: What happens if I send an email when SMTP is blocked?
A: Typically the email will fail to send and remain stuck in the outbound queue. Users will receive errors indicating the message could not be delivered and should retry later when SMTP access is restored.
Q: Will blocking SMTP affect other mail protocols like IMAP or POP3?
A: No, SMTP is only used for sending mail. Other protocols deal with retrieving or managing messages, so they would be unaffected by SMTP blocking.
Q: Can SMTP blocking cause legitimate emails to be lost?
A: Yes, any outbound emails sent while SMTP is blocked could fail to be delivered. Mail servers will normally retry temporary failures but retries will continue failing until SMTP access is restored.
Q: Is it possible to archive emails before blocking SMTP?
A: Yes, you can use email forwarding rules or client rules to archive sent messages to another server. This preserves copies of emails that might otherwise be lost due to blocking.
Q: What are the risks of employees using personal webmail to bypass SMTP blocking?
A: It could increase malware risks if personal accounts have lower defenses. Company data might also be exposed if employees forward restricted information to their personal inboxes.
Q: How can I implement exceptions to SMTP blocking?
A: Configure firewall or email filter rules to permit specified IP addresses, domains, or email accounts to send mail as needed. This allows maintaining the block while allowing some mail through.